gsoc proposal

[Matthieu Patou]

Dear team,

I had 2 ideas for people who wants to apply for google summer of code.
They are both related to samba 4.

1) Implement server side GPO in samba 4.
The idea here is that when you set a GPO for something that has to be 
done on the DC (ie. the password age) then it is automatically and 
quickly (within a couple of minutes) applied into the samba database 
(sam.ldb I think).

For the moment for such parameters we have to run manually python 
scripts on one DC to make effective. There is the risk that the value 
set in the GPO is not the one really stored in the database and so there 
is a manual step.
With this project we aim at manipulating this parameters directly from 
gpmc.msc.
A lot of bricks needed are already present, it's mostly a matter to glue 
them together and of course to make tests.

The big picture as I saw it is to start a "thread" in samba4 (as it's 
done for the dns updates) that will scan gpo files on startup and also 
that will monitor gpo files and dir for addition/removal (it can use 
inotify or similar things on os that support it).
Once a gpo file is found we use libgpo to parse it and to find if there 
is an entry that concerns the server if so parse the value and modify 
the database accordingly (if needed).

The first milestone would be to make it work with a simple monitor that 
periodically scan the gpo folder, search for gpo files and more 
precisely for the password age parameter (as it is the most recurrent 
question related to server side GPO), and then modify the database entry 
related to this.
The code would have to be modular so that managing another parameter 
(ie. minimum password length) must be done very easily and with only few 
extra code.

For students willing to go further there is different possibility:

* make the gpo monitoring more clever by using file monitoring calls for 
the os (inotify, ...) (simple)
* manage some subtle part of the gpo (like precedence of gpo defined on 
OU=boo,DC=foo,DC=bar on one define on DC=foo,DC=bar) (medium to complicated)
* analyze different options that should be parsed and applied to the 
samba 4 domain database, for the moment the list for parameters that are 
set through GPO and that are known to have an impact on the database is 
fairly small. The goal here to find out more parameters like that.


2) Implement login / logout related counter update
For the moment the attributes related to login and logout are not 
updated by samba.
The goal of this project is to understand in which case windows update 
the counters (ie. most probably during interactive logon but also maybe 
with some netlogon calls ?) and to implement counter and timestamp 
update is samba code so that this information can be available.
This project of course include the development of unit tests and should 
be suitable for a gsoc. It's to my mind an easy project that will allow 
any willing student to dive more deeply into samba code.


As for the mentor I don't know I'm not against mentoring this project, 
but I suppose that project should (must?) be mentored by people from 
samba team and also I might lack some samba rules knowledge that can be 
valuable for mentoring students.

Matthieu.